Computer systems increasingly need to protect themselves against undesirable code. Such code has generally taken the form of viruses, worms, Trojan horses, spyware, adware, and so forth. The damage and inconvenience it can cause range from mild interference with a program, such as the display of an unwanted political message in a dialog box, to the complete destruction of the contents of a hard drive, and even the theft of personal information.
Propagators of such undesirable code have developed numerous modes of inflicting unwanted results. For example, shellcode is sometimes used for such purposes. Shellcode is an assembly language program which traditionally executes a shell on certain operating systems and may be used as an exploit payload, providing an attacker with access to a system.
Many mechanisms have been created to provide much-needed protection from such shellcode-related attacks. Examples of such mechanisms include intrusion detection/prevention systems, firewalls, etc. While these mechanisms are typically effective at identifying patterns in network traffic that are indicative of shellcode-related attacks, such pattern matching techniques become complicated and inaccurate when the shellcode is encoded (e.g. utilizing UTF-8/16/32, HTML encoding, etc.). This is primarily the result of the numerous permutations and combinations that need to be detected due to such encoding.
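The following added example (not part of the original text) illustrates the encoding problem described above from the detection side: one byte-pattern signature is run against the same constructed, harmless marker under several of the named encodings, next to a matcher that decodes first. The marker string, the function names and the decode-then-match approach are assumptions made for illustration.

```python
import html

# Constructed, harmless marker standing in for the byte pattern a signature looks for.
MARKER = "SHELL_MARKER"
# Candidate encodings the normalizing matcher tries (assumed list).
CODECS = ("utf-8", "utf-16-le", "utf-16-be", "utf-32-le", "utf-32-be")


def encoded_variants(marker: str) -> dict[str, bytes]:
    """Constructed sample payloads: one marker under the encodings named above."""
    return {
        "utf-8": marker.encode("utf-8"),
        "utf-16-le": marker.encode("utf-16-le"),
        "utf-16-be": marker.encode("utf-16-be"),
        "utf-32-le": marker.encode("utf-32-le"),
        "html-decimal": "".join(f"&#{ord(c)};" for c in marker).encode("ascii"),
        "html-hex": "".join(f"&#x{ord(c):x};" for c in marker).encode("ascii"),
    }


def naive_match(payload: bytes) -> bool:
    """Single byte-pattern signature, as a plain pattern matcher would apply it."""
    return MARKER.encode("ascii") in payload


def normalized_match(payload: bytes) -> bool:
    """Decode under each candidate codec, undo HTML entities, then match once."""
    for codec in CODECS:
        text = payload.decode(codec, errors="ignore")
        if MARKER in text or MARKER in html.unescape(text):
            return True
    return False


def compare() -> dict[str, tuple[bool, bool]]:
    """Map each encoding to (naive result, normalized result)."""
    return {name: (naive_match(p), normalized_match(p))
            for name, p in encoded_variants(MARKER).items()}


if __name__ == "__main__":
    for name, (naive, normalized) in compare().items():
        print(f"{name:13} naive={naive!s:5} normalized={normalized}")
```

The byte signature matches only the UTF-8 form, so covering the other five forms by pattern alone would need a separate signature for each. The decoding matcher assumes the payload is aligned to the code unit and does not handle nested encodings.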
There is thus a need for overcoming these and/or other problems associated with the prior art.